Strapi /auth/local api throws 500 error for wrong password or email not confirmed

System Information
  • Strapi Version: 4.11.4
  • Operating System: Windows 11
  • Database: Postgres
  • Node Version: 14.19.1
  • NPM Version: 6.14.16
  • Yarn Version:

I am having an issue: when I try to log in with the wrong password, a not confirmed account, or a blocked account, I get a 500 internal server error instead of a message in the response, but I can see an error on the Strapi console. Please can anyone give me a fix for it? I also updated the Strapi version, but it is still the same. The old Strapi version was 4.7.0.

I have the same problem. Started with version 4.11.1.
Updating Strapi to version 4.12.7 did not help.

Same issue.

Let me give it a try and see if I can reproduce the issue.

Just tested in the latest version, both cases work and get appropriate messages.

I get the correct errors. When using the wrong password I get:

{
	"data": null,
	"error": {
		"status": 400,
		"name": "ValidationError",
		"message": "Invalid identifier or password",
		"details": {}
	}
}

When ‘blocked’ I get this error:

{
	"data": null,
	"error": {
		"status": 400,
		"name": "ApplicationError",
		"message": "Your account has been blocked by an administrator",
		"details": {}
	}
}

Hello @Paul_Brats.
I experience the same issue as other reporters. I see that the user-permissions-plugin throws an error when the username or password is incorrect - https://github.com/strapi/strapi/blob/main/packages/plugins/users-permissions/server/controllers/auth.js#L70
As far as I can see it is not caught anywhere, therefore Strapi returns a 500 error.
How should it be handled to build a correct response? Should I patch the plugin to change the behaviour?


Hi, any news on this?

Hi. The issue is caused by a mismatch between different parts of Strapi code in earlier versions. Updating to 4.15.5 helped to solve it.

Hi, I still have the 500 error if the password is wrong after updating to 4.16.2

{
	"data": null,
	"error": {
		"status": 500,
		"name": "InternalServerError",
		"message": "Internal Server Error"
	}
}

Me too! I get the Internal Server Error whenever credentials are wrong; at that time, it prints correct errors in the server console/terminal.

When passed correct credentials it just works.

But for wrong credentials, it should have sent an error that states what exactly is wrong with the credentials.

My Strapi version is 4.16.2.
I have not added Redis yet.
I am using PostgreSQL.


Check the version of strapi/user-permissions package - make sure that it is 4.16.2

This worked for me

I figured it out.

Check the version of strapi/user-permissions package - make sure that it is 4.16.2

This worked for me.
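
The version check described in the replies above, as an added example that is not part of the original thread or Strapi's own code: it compares the declared version of the users-permissions plugin with the core `@strapi/strapi` version in a `package.json` manifest. It assumes the package the posts call "strapi/user-permissions" is published as `@strapi/plugin-users-permissions`; the `LOCKSTEP` list and the sample manifest are constructed for illustration.

```javascript
// Packages assumed to be released in lockstep with @strapi/strapi (adjust for your project).
const LOCKSTEP = ["@strapi/plugin-users-permissions", "@strapi/plugin-i18n"];

// Constructed sample manifest: core was upgraded, the auth plugin was left behind.
const sampleManifest = {
  dependencies: {
    "@strapi/strapi": "4.16.2",
    "@strapi/plugin-users-permissions": "4.11.4",
    "@strapi/plugin-i18n": "^4.16.2",
    "pg": "8.11.3",
  },
};

// Strip leading range operators so "^4.16.2" compares as "4.16.2".
function baseVersion(range) {
  return String(range).trim().replace(/^(\^|~|>=|<=|>|<|=|v)+\s*/, "");
}

// Return the core version and every lockstep package whose declared version differs.
function findStrapiVersionDrift(manifest, lockstep = LOCKSTEP) {
  const deps = { ...(manifest.devDependencies || {}), ...(manifest.dependencies || {}) };
  const core = deps["@strapi/strapi"];
  if (!core) {
    throw new Error("@strapi/strapi is not listed in the manifest");
  }
  const coreVersion = baseVersion(core);
  const mismatched = lockstep
    .filter((name) => name in deps)
    .filter((name) => baseVersion(deps[name]) !== coreVersion)
    .map((name) => ({ name, declared: deps[name], expected: coreVersion }));
  return { coreVersion, mismatched };
}

const report = findStrapiVersionDrift(sampleManifest);
for (const m of report.mismatched) {
  console.log(`${m.name} is declared as ${m.declared}, but core is ${m.expected}`);
}
```

This only reads the declared ranges; the installed version can still differ, which `npm ls @strapi/plugin-users-permissions` shows.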